A Roaming Tiger on the Belt and Road: Is Malaysia the Victim of Politically Motivated Cyber-Attacks?
The unexpected and stunning election victory of veteran politician Mahathir Mohamad in Malaysia this May caught both the Malay elite and international observers off guard. Voters threw out what many decried as a corrupt, long-standing governing class primarily concerned with enriching itself. That governing class had become a running sore, culminating in the widely reported 1MDB scandal, which saw billions stolen from the Malaysian national wealth fund by politicians and their friends.
US Justice Department investigations of the 1MDB scandal resulted in a breakdown in relations between Kuala Lumpur and Washington, as the Malaysian government resented what it saw as unwarranted US intervention.
The Turn to Beijing
The Malaysians instead turned north to forge ties with Beijing, which famously makes non-interference a cornerstone of its foreign policy. China was already a major trade partner, and Chinese firms were soon backing major infrastructure projects like the East Coast rail line, which will have the effect of deepening Chinese economic ties and further cementing political relations.
But the election of Malaysia’s new government threw a major spanner in the works. The new administration in Kuala Lumpur wasted little time in reviewing relations with China and soon suspended several major projects following allegations of bribery and concerns over pricing. Probes into the 1MDB scandal were given new life (the previous government had blocked them) and the former Prime Minister Najib Razak was arrested. Low Taek Jho, a financier implicated in the scandal, remains on the run, allegedly in China.
The affected projects include the multi-billion-dollar East Coast rail line, which could have transported Chinese goods via Malaysia, as well as a major pipeline project. These have significant commercial and geopolitical implications for China and represent a major pushback against its Belt and Road Initiative. These developments also left some wondering how China would react to such a rebuff.
In the last week, cyber security firm FireEye identified Malaysia as the target of cyber attacks originating from China as it allegedly sought to punish Malaysia for suspending its projects. The firm suggested that Chinese threat actors were targeting Malaysia through targeted malware in an effort to collect intelligence on infrastructure projects in the country.
If true, these incidents highlight the possibility of China using cyber attacks through proxy groups such as Roaming Tiger and TEMP.Periscope to target companies, infrastructure or nations that deviate from or backtrack on commercial or diplomatic promises, in particular those concerning its flagship Belt and Road initiative. Using proxies gives China the ability to distance itself from attacks.
Russia has demonstrated the effective use of cyber warfare in recent years. The release of the Democratic Party emails has shown it can be low cost and highly effective compared to an invasion such as that of Crimea, which provoked a massive international diplomatic and economic backlash.
FireEye identified that Roaming Tiger used malware to attack Western European foreign ministries (via Toysnake). The Cambodian elections were targeted using Litrecola malware, and other attacks have been made on Tibetan independence organisations.
There should also be a fear that these developments could be the tip of the iceberg. As Chinese-backed threat actors develop their abilities and gain confidence, they could go after ever more high-profile targets.
A Sino-Malaysian summit this week highlighted strong ties between the two and the desire to increase already substantial trade, but delicately skirted round the issue of the suspended investments. Publicly, China has been demonstrating a humble attitude to recent developments and there has not been an outburst of anti-Malaysian propaganda.
Infrastructure Projects Delayed
Both sides face major losses if the infrastructure projects are called off, as preliminary work has already begun. It remains to be seen whether Prime Minister Mahathir has suspended the projects as a bargaining ploy to get a better deal on them from China. Another angle is that he is requesting that the Chinese hand over fugitive Low Taek Jho and help bring a conclusion to the 1MDB scandal. Or perhaps the new government genuinely sees the projects as an unnecessary drain on an overstretched national budget and is just allowing the Chinese to save face by not immediately cancelling the projects.
More broadly, China’s use of cyber-attacks on other countries will be a trend worth watching: will Beijing target countries that resist China or attempt to interfere in national elections, and how will nations hit by such attacks respond?